Hackers Using Colonial Pipeline Ransomware News in Latest Phishing Attacks
The Issue: The fallout from the Colonial Pipeline ransomware attack continues to have an ongoing effect as hackers are now using the notoriety of the attack to leverage further phishing attacks. According to a ZDNet article highly targeted phishing emails are being sent by cyber attackers, discussing the ransomware attack on Colonial Pipeline, and asking recipients to download “ransomware system updates” so that they can protect their organization. Malicious links then take users to websites with convincing names, but which then trick users into downloading malicious ransomware such as “Cobalt Strike”; which was involved in 2/3 of all ransomware attacks in Q4 of 2020. This malware injects malicious code into the network and allows hackers to lock targeted files.
The Cause: The devastation that the Colonial Pipeline ransomware attack caused in the power and related industries has created a lot of anxiety in the market with companies trying their best not to find themselves in a similar situation. Hackers are very quick to exploit this anxiety and have used meticulously craTed targeted emails that are quite convincing, with fake websites and domain names that give an air of legitmacy to their phishing attacks. Main of these emails are craTed so that they look like they are being sent from within these companies’ IT or HR departments themselves.
With many companies not formally training their employees on safe web surfing and internet usage, nor notifying these employees of these potential phishing attacks, many may unwittingly fall victim to these types of targeted attacks by appealing to their desire to protect their organizations from the crippling effects that Colonial Pipeline faced. Instead, they open the door for malicious code to enter the network.
• Many organizations have not instituted safe network and web usage training programs for their employees and thus can easily fall victim to targeted phishing attacks.
• The massive quantities and sophistication of these types of phishing events, especially in the wake of highly damaging attacks, makes it easier to exploit the anxiety that these attacks have cause.
• Organizations that rely on the detect and remediate approach to cyber security will almost certainly fall victim to the increase in ransomware activities. Without utilizing real-time threat prevention solutions, which can block these phishing attacks, and the malicious code that they could introduce to the network, before they can reach their targets, hackers will continue to wreak havoc. The Colonial Pipeline ransomware attack provides clear evidence that organizations need to start implemen8ng a real-time threat PREVENTION approach to security; stopping the attack before it can enter the network and do damage. The detect and remediate approach continues to be the more expensive solution as organizations are dealing with the fallout AFTER the attack has already occurred.
The Solution: Real-&me Threat Preven&on Can Detect and Block Phishing Atacks Before They Enter the Network
Wedge Absolute Real-time Protection (WedgeARP™) incorporates AI and Automated Machine Learning to determine the intent of content; blocking malicious code, malware and other cyber-attacks before they can access an organization’s network to do harm.
AI and Automated Machine Learning All content is scanned for “intent”, with malicious content blocked in real-time, before they can cause harm.
WedgeARP™: Real-time Intelligent IDPS Real-time scanning and machine learning that can defeat targeted attacks that deliver ransomware.
Real-time Threat Prevention Allows organizations to block phishing attacks and malware / ransomware before they reach end-users and do harm.
Management Through a “Single-Pane-of-Glass” Security policies and security services can be managed through a central location to protect all employees and devices.
Wedge Response to Industry Threats